You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by COURTAULT Francois <Fr...@gemalto.com> on 2015/06/10 08:35:32 UTC
RE: [+SPAM+]: Re: Question about WSS and timestamp
Hello Colm,
Thanks for replying.
I want both for creation and verification and also both for the method (using WS-SecurityPolicy or not).
Best Regards.
-----Original Message-----
From: Colm O hEigeartaigh [mailto:coheigea@apache.org]
Sent: lundi 8 juin 2015 15:32
To: users@cxf.apache.org
Subject: [+SPAM+]: Re: Question about WSS and timestamp
The short answer is yes. Do you want to change the creation of the Timestamp or the verification? Using WS-SecurityPolicy or not?
Colm.
On Fri, Jun 5, 2015 at 7:24 PM, COURTAULT Francois < Francois.Courtault@gemalto.com> wrote:
> Hello everyone,
>
> Is it possible using cxf api, to control the accuracy (for example
> milli-second) of a WSS timestamp ? Something like:
>
> <wsu:Timestamp xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-uti
> lity-1.0.xsd
> ">
>
> <wsu:Created>2015-06-03T03:43:07.365Z</wsu:Created>
>
> <wsu:Expires>2015-06-03T03:44:07.532Z</wsu:Expires>
>
> </wsu:Timestamp>
>
> If yes how ?
>
> Best Regards.
> ________________________________
> This message and any attachments are intended solely for the
> addressees and may contain confidential information. Any unauthorized
> use or disclosure, either whole or partial, is prohibited.
> E-mails are susceptible to alteration. Our company shall not be liable
> for the message if altered, changed or falsified. If you are not the
> intended recipient of this message, please delete it and notify the sender.
> Although all reasonable efforts have been made to keep this
> transmission free from viruses, the sender will not be liable for
> damages caused by a transmitted virus.
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
________________________________
This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus.
Re: [+SPAM+]: Re: Question about WSS and timestamp
Posted by Colm O hEigeartaigh <co...@apache.org>.
You can control various aspects of the Timestamp creation via configuration
tags: http://ws.apache.org/wss4j/config.html
precisionInMilliseconds Set whether outbound timestamps have precision in
milliseconds. Default is "true".
timeToLive The time difference between creation and expiry time in seconds
in the WSS Timestamp. The default is "300".
For WS-SecurityPolicy, I'm not sure if precisionInMilliseconds will work or
not. The TimeToLive equivalent is:
ws-security.timestamp.timeToLive
WSS4J also defines a WSTimeSource interface, which allows you to plug in a
custom Time:
https://svn.apache.org/repos/asf/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/util/WSTimeSource.java
This can be set on the WSSConfig Object.
You can control the verification of a Timestamp via various configuration
tags you will find in the URL given above. If you want to do anything more
fine-grained, you simply override or implement a new WSS4J Validator for
Timestamps, and plug that in instead.
Colm.
On Wed, Jun 10, 2015 at 7:35 AM, COURTAULT Francois <
Francois.Courtault@gemalto.com> wrote:
> Hello Colm,
>
> Thanks for replying.
> I want both for creation and verification and also both for the method
> (using WS-SecurityPolicy or not).
>
> Best Regards.
>
> -----Original Message-----
> From: Colm O hEigeartaigh [mailto:coheigea@apache.org]
> Sent: lundi 8 juin 2015 15:32
> To: users@cxf.apache.org
> Subject: [+SPAM+]: Re: Question about WSS and timestamp
>
> The short answer is yes. Do you want to change the creation of the
> Timestamp or the verification? Using WS-SecurityPolicy or not?
>
> Colm.
>
> On Fri, Jun 5, 2015 at 7:24 PM, COURTAULT Francois <
> Francois.Courtault@gemalto.com> wrote:
>
> > Hello everyone,
> >
> > Is it possible using cxf api, to control the accuracy (for example
> > milli-second) of a WSS timestamp ? Something like:
> >
> > <wsu:Timestamp xmlns:wsu="
> > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-uti
> > lity-1.0.xsd
> > ">
> >
> > <wsu:Created>2015-06-03T03:43:07.365Z</wsu:Created>
> >
> > <wsu:Expires>2015-06-03T03:44:07.532Z</wsu:Expires>
> >
> > </wsu:Timestamp>
> >
> > If yes how ?
> >
> > Best Regards.
> > ________________________________
> > This message and any attachments are intended solely for the
> > addressees and may contain confidential information. Any unauthorized
> > use or disclosure, either whole or partial, is prohibited.
> > E-mails are susceptible to alteration. Our company shall not be liable
> > for the message if altered, changed or falsified. If you are not the
> > intended recipient of this message, please delete it and notify the
> sender.
> > Although all reasonable efforts have been made to keep this
> > transmission free from viruses, the sender will not be liable for
> > damages caused by a transmitted virus.
> >
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
> ________________________________
> This message and any attachments are intended solely for the addressees
> and may contain confidential information. Any unauthorized use or
> disclosure, either whole or partial, is prohibited.
> E-mails are susceptible to alteration. Our company shall not be liable for
> the message if altered, changed or falsified. If you are not the intended
> recipient of this message, please delete it and notify the sender.
> Although all reasonable efforts have been made to keep this transmission
> free from viruses, the sender will not be liable for damages caused by a
> transmitted virus.
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com